On Linux systems, the runZero Explorer is executed by systemd using a unit file in /etc/systemd/system. The file name is runzero-agent-ORGUUID.service, where ORGUUID is the organization ID the explorer is associated with.
You can tell systemd to write log output to syslog instead of files or the systemd journal. In the service file, add the following to the [Service] section:
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=runzero_explorerIn rsyslog, you can then redirect the explorer logs anywhere you like with a directive such as this one, which can be set in /etc/rsyslog.conf:
if $programname == 'runzero_explorer' then /var/log/runzero_explorer
& stopTo make the changes take effect, you will want to run:
systemd restart rsyslog
systemctl daemon-reload
systemctl restart runzero-agent-ORGUUIDYou should then see the explorer logs appear in /var/log/runzero_explorer
Using this method you can run multiple explorers on a single host, and direct their output to different destinations.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article